allow bootstrapping to validate internode tokens (#16853)

2025-04-27 13:24:52 -04:00 · 2023-03-20 01:40:24 -07:00 · 2023-03-20 01:40:24 -07:00 · 3b5dbf9046
commit 3b5dbf9046
parent 09c733677a
2 changed files with 25 additions and 10 deletions
--- a/cmd/bootstrap-peer-server.go
+++ b/cmd/bootstrap-peer-server.go
@ -101,10 +101,14 @@ func (s1 ServerSystemConfig) Diff(s2 ServerSystemConfig) error {
 }
 var skipEnvs = map[string]struct{}{
-	"MINIO_OPTS":         {},
+	"MINIO_OPTS":          {},
-	"MINIO_CERT_PASSWD":  {},
+	"MINIO_CERT_PASSWD":   {},
-	"MINIO_SERVER_DEBUG": {},
+	"MINIO_SERVER_DEBUG":  {},
-	"MINIO_DSYNC_TRACE":  {},
+	"MINIO_DSYNC_TRACE":   {},
 	"MINIO_ROOT_USER":     {},
 	"MINIO_ROOT_PASSWORD": {},
 	"MINIO_ACCESS_KEY":    {},
 	"MINIO_SECRET_KEY":    {},
 }
 func getServerSystemCfg() ServerSystemConfig {
@ -118,7 +122,7 @@ func getServerSystemCfg() ServerSystemConfig {
 		if _, ok := skipEnvs[envK]; ok {
 			continue
 		}
-		envValues[envK] = env.Get(envK, "")
+		envValues[envK] = logger.HashString(env.Get(envK, ""))
 	}
 	return ServerSystemConfig{
 		MinioEndpoints: globalEndpoints,
@ -126,11 +130,22 @@ func getServerSystemCfg() ServerSystemConfig {
 	}
 }
 func (b *bootstrapRESTServer) writeErrorResponse(w http.ResponseWriter, err error) {
 	w.WriteHeader(http.StatusForbidden)
 	w.Write([]byte(err.Error()))
 }
 // HealthHandler returns success if request is valid
 func (b *bootstrapRESTServer) HealthHandler(w http.ResponseWriter, r *http.Request) {}
 func (b *bootstrapRESTServer) VerifyHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := newContext(r, w, "VerifyHandler")
 	if err := storageServerRequestValidate(r); err != nil {
 		b.writeErrorResponse(w, err)
 		return
 	}
 	cfg := getServerSystemCfg()
 	logger.LogIf(ctx, json.NewEncoder(w).Encode(&cfg))
 }
--- a/internal/logger/logger.go
+++ b/internal/logger/logger.go
@ -231,8 +231,8 @@ func getTrace(traceLevel int) []string {
 	return trace
 }
-// Return the highway hash of the passed string
+// HashString - return the highway hash of the passed string
-func hashString(input string) string {
+func HashString(input string) string {
 	hh, _ := highwayhash.New(magicHighwayHash256Key)
 	hh.Write([]byte(input))
 	return hex.EncodeToString(hh.Sum(nil))
@ -328,9 +328,9 @@ func errToEntry(ctx context.Context, err error, errKind ...interface{}) log.Entr
 	}
 	if anonFlag {
-		entry.API.Args.Bucket = hashString(entry.API.Args.Bucket)
+		entry.API.Args.Bucket = HashString(entry.API.Args.Bucket)
-		entry.API.Args.Object = hashString(entry.API.Args.Object)
+		entry.API.Args.Object = HashString(entry.API.Args.Object)
-		entry.RemoteHost = hashString(entry.RemoteHost)
+		entry.RemoteHost = HashString(entry.RemoteHost)
 		entry.Trace.Message = reflect.TypeOf(err).String()
 		entry.Trace.Variables = make(map[string]interface{})
 	}